Securities Law Update: March 1998

"Year 2000" or "Y2K" problems arise out of the inability of certain computer systems to properly recognize and handle dates after December 31, 1999. This generally happens because the system was designed to use only two digits to represent the year. Such a system may interpret "00" as 1900 or some other year. The problem can affect hardware, software and embedded systems.

In many cases, the problem will manifest itself before the year 2000. An example would be where a company attempts in 1999 to schedule an account payable to be paid in the year 2000. Other problems may not manifest themselves until midnight on New Year's Eve of 1999. Examples of this include the internal clocks in certain personal computers, which might suddenly reset themselves to 1980. Potential areas of concern include not only computers of all types (mainframes, personal computers, networks and storage systems) but also communications systems, security systems, manufacturing systems, automated warehouse equipment, process control, or any other type of automated system that depends on an internal date tracking system.

The most obvious way in which a company can be adversely affected by a Year 2000 issue is if its own computer or automation systems fail to operate properly. Another fairly obvious risk is that makers or sellers of computer hardware or software may become liable to their customers if their products fail to comply with express or implied warranties or are otherwise deemed defective. Less obvious, but potentially equally serious risks, include the possibility that third parties upon whom the company relies will have their operations interrupted by a Year 2000 problem, or that manufacturers of non-computer products which depend on embedded logic will unexpectedly find that their products are failing, subjecting them to potential liability.

Corporate Disclosure Obligations
Corporations, and their management, personally, may be subject to liability if they fail to meet disclosure obligations. The SEC has become increasingly vocal on the subject of Year 2000 disclosure. Staff Legal Bulletin No. 5 (revised most recently on January 12, 1998)1 sets forth a strict set of disclosure requirements to be made by public companies in their '34 Act filings. Some key points about these requirements:

1. If companies have not audited their systems for Y2K problems, the lack of knowledge is a "known uncertainty" that should be disclosed. The same could be true if the company is dependent on suppliers or other third parties and does not know whether they have Y2K problems.
   
2. If companies have evaluated their systems and are planning on renovating or replacing their systems, then they need to evaluate the extent to which the costs of such work are material in the context of the individual company's financial situation, and make appropriate disclosure of material costs and risks. To the extent that risks are material, companies should disclose:
   1. Cost of addressing Y2K issues
   2. Effect of Y2K expenditures on the company
   3. General plans to address Y2K issues
3. Companies should evaluate the risks to their businesses of untimely or incomplete repair of their systems (and perhaps, systems of their customers and suppliers, and business partners) and to the extent that such risks are material, make disclosure of such risks.
   
4. In the above situations, the SEC views as material those costs and uncertainties that would render currently reported financial information to be not "necessarily indicative of future operating results."
   
   In recent Congressional testimony, the SEC's Director of the Division of Corporate Finance stated that SEC staff will begin "special reviews" of filings by companies in "selected industries" most likely to be affected by Year 2000 problems. The special reviews will result in staff members issuing comments and requesting amended filings if necessary. The reviews will begin with the disclosure in annual reports for companies with fiscal years ending December 31, 1997.

   Corporate, Directors and Officers Liability
   If corporate management fails to take appropriate steps to address Year 2000 problems, the company, and directors and officers of the company, may become liable to shareholders and others on various theories of corporate mismanagement and breach of fiduciary duty. Accordingly, every company should consider the appointment of a Year 2000 compliance officer. The Year 2000 compliance officer should be a member of senior management; should be personally responsible for investigating and understanding the company's Year 2000 exposure; and should report to the full management and to the board of directors. Any Year 2000 program should consider the need for and appropriate involvement of outside expert consultants . including, specifically, outside legal counsel. This prudent approach to Year 2000 issues may be the foundation for an important "business judgment" defense in the event that, despite best efforts, Year 2000 problems have an adverse impact on the company. For more information about Year 2000 legal issues, visit our Year 2000 area.

Is the year 2000 only an internal operational problem for the company, or will it have an effect on the company's products and/or services?

What is the company's schedule for fixing and testing your systems? Can you send me a copy of the company's schedule?

Even if you don't believe the costs or potential effects of the year 2000 are material, can you tell me how much the year 2000 problem will cost the company?

Have any of the company's officers or members of the board bought personal liability insurance specifically for year 2000 problems?

As a manufacturer or supplier of (computer equipment, software, medical equipment, computer services, . . .), are you concerned about the potential liabilities associated with the company's products or services? What is your best assessment of corporate exposure to legal actions arising from equipment or software failures associated with the company's products or services?